Battle Blog 1.25 (uploadform.asp) Arbitrary File Upload Vulnerability

2009-05-12 / 2009-05-13

Credit: Cyber-Zone

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2009-1609

CWE: CWE-20

CVSS Base Score: 6.8/10

Impact Subscore: 6.4/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

         ***********************************************************************
         *  Battle Blog 1.25 (uploadform.asp) Remote File Upload Vulnerability *
         ***********************************************************************
         
         Found By : Cyber-Zone (ABDELKHALEK)

         +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
         http://localhost/blog/admin/uploadform.asp
         
         After You Upload Your File You Will See The Link To THE File Just Below
         
         some demos :+
         
         http://www.xxx.com/admin/uploadform.asp
         
         Have Nice Day                                             //Cyber-Zone
         +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Battle Blog 1.25 (uploadform.asp) Arbitrary File Upload Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.